Important PCI Changes!

PCI v3.2 Migrating SSL/Early TLS June 30 Deadline

SSL/early TLS are no longer considered secure forms of encryption for payment card data!

PCI DSS v3.1 published in April 2015 included a June 2016 deadline for disabling SSL/early TLS and implementing a secure encryption protocol. Based on industry feedback, in December 2015 PCI SSC revised the deadline from 30 June 2016 to 30 June 2018. This date is included in Appendix A2 of PCI DSS v3.2, published in April 2016.

The IGA has upgraded its networks to support TLS 1.0, 1.1 and 1.2. We have ceased support for SSL v2 and SSL v3, and we are going to terminate support for TLS 1.0 soon! Please make sure you have upgraded to the latest browser version and disabled SSL and TLS 1.0. Your information is at risk whenever you are using SSL and TLS 1.0!

What is the risk?

Because of its widespread use online, SSL/early TLS has been targeted by security researchers and attackers. Many serious vulnerabilities in SSL/early TLS (e.g. POODLE, BEAST, CRIME, Heartbleed) have been uncovered over the past 20 years, making it an unsafe method for protecting sensitive data.

Online and e-commerce environments using SSL/early TLS are most susceptible to these vulnerabilities and should be upgraded immediately. E-commerce merchants are also encouraged to implement a customer communication strategy to educate their customers about the dangers of using outdated browser software and the risk this poses to customer data.

What Can I Do As A Merchant?

Start using TLS 1.1 or 1.2 now! Some versions of Windows Server (including Windows Server 2008 using IIS 7) allow SSL 2.0 and SSL 3.0 by default. Unfortunately, these are insecure protocols and you will fail a PCI Compliance scan if you don't disable them. To properly secure your server and ensure that you pass your PCI DSS scans, you will need to disable SSL 2.0, SSL 3.0 and weak ciphers. Other algorithms are also insecure, and current ones may be deprecated in the future. Make sure to follow SSL Deployment Best Practices when determining which protocols and ciphers to enable.

If You Are Using Windows Server, You Probably Have SSL Enabled. Follow The Steps Below To Disable It.

Using A GUI

The simplest way to disable insecure protocols and ciphers is to use a GUI. Because Windows doesn't provide such an interface, you'll need to use a tool like Nartac's IIS Crypto tool to disable the insecure options.

Manually Disable SSL 2.0 and SSL 3.0

In order to manually disable SSL 2.0 and SSL 3.0 and make sure that the stronger TLS protocols are used, follow these instructions:

Note: This process is essentially the same on an IIS 6 (Windows Server 2003) machine. Normally, the Server key under SSL 2.0 will already be created so you will just need to create a new DWORD value under it and name it Enabled.
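The registry change this section describes, written out as an added PowerShell example (not part of the original page and not vendor-supplied code). It assumes the standard Schannel protocol path under HKLM, PowerShell 3.0 or later and an elevated session; the function names Get-SchannelProtocolState and Disable-SchannelProtocol are hypothetical names chosen for this example.

```powershell
# Added example: audit and disable server-side SSL 2.0 / SSL 3.0 in Schannel.
# Assumes the standard Schannel registry location; run elevated. Reboot to apply.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Report the configured state of each protocol's Server key (hypothetical helper).
function Get-SchannelProtocolState {
    param([string[]]$Protocol = @('SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'))
    foreach ($p in $Protocol) {
        $key = Join-Path $base "$p\Server"
        $val = $null
        if (Test-Path $key) {
            $val = (Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue).Enabled
        }
        [pscustomobject]@{
            Protocol = $p
            # No Enabled value means the operating system default applies.
            State    = if ($null -eq $val) { 'OS default (not set)' }
                       elseif ($val -eq 0) { 'Disabled' }
                       else { 'Enabled' }
        }
    }
}

# Create the Server key if it is missing and set the DWORD value Enabled to 0.
function Disable-SchannelProtocol {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string[]]$Protocol)
    foreach ($p in $Protocol) {
        $key = Join-Path $base "$p\Server"
        if ($PSCmdlet.ShouldProcess($key, 'Set Enabled = 0')) {
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -Path $key -Name Enabled -PropertyType DWord -Value 0 -Force | Out-Null
        }
    }
}

Get-SchannelProtocolState | Format-Table -AutoSize
# -WhatIf only previews the change; remove it to write the values.
Disable-SchannelProtocol -Protocol 'SSL 2.0', 'SSL 3.0' -WhatIf
```

Run Get-SchannelProtocolState again after the change and after the reboot to confirm that both SSL entries report Disabled before requesting a new PCI scan.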

Disable Weak Ciphers In IIS 7.0

In addition to disabling SSL 2.0, you can disable some weak ciphers by editing the registry in the same way. To speed up the process, you can paste the following into a text file and name it disableWeakCiphers.reg, then double-click it.

What Can I Do As A Customer?

There's not much you can do if your favorite store isn't supporting TLS 1.1 and 1.2, BUT you can protect yourself against websites that are not using TLS 1.1 and 1.2.

CHANGE YOUR BROWSER DEFAULT! In many browsers, you can choose whether SSL and TLS 1.0 are enabled or disabled. We suggest disabling them: the browser will then refuse connections over SSL or TLS 1.0, which means you won't be able to use websites that run on SSL and TLS 1.0, but it certainly protects you from them. IGA websites, including MonsterBuster.Club, have terminated support for SSL v2 and SSL v3. This protects you and your passwords from hackers.

So how do you change it?

Internet Explorer

Open Internet Explorer

Click Tools

Click Internet Options

Click the Advanced tab

Uncheck the options for Use SSL 2.0 and Use SSL 3.0. If possible, do the same for TLS 1.0.

Click OK

Exit and relaunch the browser

Chrome

Open Google Chrome

Click the Chrome menu button. Note: The button is in the upper right of the browser and is indicated by three horizontal lines.

Click Settings

Click Show advanced settings

Click Change proxy settings under the Network section

Click the Advanced tab

Uncheck the options for Use SSL 2.0 and Use SSL 3.0. If possible, do the same for TLS 1.0.

Close the Settings tab

Exit and relaunch the browser

Firefox (Windows)

Open Mozilla Firefox

Click the Firefox menu

Click Options

Click the Advanced icon

Click the Encryption tab

Uncheck the options for Use SSL 2.0 and Use SSL 3.0. If possible, do the same for TLS 1.0.

Click OK

Exit and relaunch the browser

Firefox (macOS)

Open Mozilla Firefox

Click the Firefox menu

Click Preferences

Click the Advanced icon

Click the Encryption tab

Uncheck the options for Use SSL 2.0 and Use SSL 3.0. If possible, do the same for TLS 1.0.